Web application security - the fast guide 1.1 | Page 55

Chapter 3 - Vulnerabilities and threat models

AccessComplexity = case AccessComplexity of
    high: 0.35
    medium: 0.61
    low: 0.71

Authentication = case Authentication of
    requires multiple instances of authentication: 0.45
    requires single instance of authentication: 0.56
    requires no authentication: 0.704

ConfImpact = case ConfidentialityImpact of
    none: 0.0
    partial: 0.275
    complete: 0.660

IntegImpact = case IntegrityImpact of
    none: 0.0
    partial: 0.275
    complete: 0.660

AvailImpact = case AvailabilityImpact of
    none: 0.0
    partial: 0.275
    complete: 0.660

To take the effect of time into consideration, we use the temporal equation, which takes the base score and generates a value in the range 0-10. The resulting value should not exceed the base value and should be greater than 33% of the base value.

TemporalScore = round_to_1_decimal(BaseScore * Exploitability * RemediationLevel * ReportConfidence)

Exploitability = case Exploitability of
    unproven: 0.85
    proof-of-concept: 0.9
    functional: 0.95
    high: 1.00
    not defined: 1.00

RemediationLevel = case RemediationLevel of
    official-fix: 0.87
    temporary-fix: 0.90
    workaround: 0.95
    unavailable: 1.00
    not defined: 1.00

ReportConfidence = case ReportConfidence of
    unconfirmed: 0.90
    uncorroborated: 0.95
    confirmed: 1.00
    not defined: 1.00
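The temporal equation above, worked as an added Python example (not code from the book): it parses a temporal vector, applies the multipliers listed on this page, and checks the stated range. The abbreviations (E, RL, RC, POC, OF and so on) are the CVSS v2 vector notation and are assumed here, as are the function names and the sample base score of 7.5.

```python
from decimal import Decimal, ROUND_HALF_UP

# Multipliers exactly as listed in the temporal tables above, keyed by the
# CVSS v2 vector abbreviations (assumed notation). ND = "not defined".
TEMPORAL = {
    "E":  {"U": "0.85", "POC": "0.9", "F": "0.95", "H": "1.00", "ND": "1.00"},
    "RL": {"OF": "0.87", "TF": "0.90", "W": "0.95", "U": "1.00", "ND": "1.00"},
    "RC": {"UC": "0.90", "UR": "0.95", "C": "1.00", "ND": "1.00"},
}

def parse_temporal_vector(vector):
    """Parse e.g. 'E:POC/RL:OF/RC:C'; metrics left out default to ND."""
    chosen = {metric: "ND" for metric in TEMPORAL}
    seen = set()
    for part in filter(None, vector.strip().split("/")):
        metric, sep, value = part.partition(":")
        if not sep or metric not in TEMPORAL or value not in TEMPORAL[metric]:
            raise ValueError(f"invalid temporal metric: {part!r}")
        if metric in seen:
            raise ValueError(f"duplicate temporal metric: {metric}")
        seen.add(metric)
        chosen[metric] = value
    return chosen

def temporal_score(base_score, vector):
    """TemporalScore = round_to_1_decimal(Base * E * RL * RC)."""
    base = Decimal(str(base_score))
    if not Decimal("0") <= base <= Decimal("10"):
        raise ValueError("base score must be within 0-10")
    product = base
    for metric, value in parse_temporal_vector(vector).items():
        product *= Decimal(TEMPORAL[metric][value])
    # Decimal with half-up rounding avoids binary-float surprises at x.x5.
    return float(product.quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))

def within_bounds(base_score, temporal):
    """The range stated above: not above base, and greater than 33% of it."""
    return temporal <= base_score and (base_score == 0 or temporal > 0.33 * base_score)

if __name__ == "__main__":
    for vec in ("E:POC/RL:OF/RC:C", "E:U/RL:OF/RC:UC", ""):  # constructed inputs
        score = temporal_score(7.5, vec)
        print(f"{vec or '(all ND)':<18} -> {score}  in range: {within_bounds(7.5, score)}")
```

The second sample vector combines the lowest multiplier from each table, so it shows the smallest temporal score a given base score can produce.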